meadrocks
Contributor
Contributor

syslog problems

Jump to solution

I have a ESXi standalone 6.7 server & I'm trying to get syslog to work, but all attempts have failed so far.

Here's my vmsyslog.conf file, and the syslog server name is resolving.

What am I missing?

Thanks

--Andrew

[root@vmware6:/var/log] cat /etc/vmsyslog.conf

[DEFAULT]

drop_log_size_kb = 100

logdir = /scratch/log

rotate = 8

check_ssl_certs = true

default_timeout = 180

logdir_unique = false

size = 1024

loghost = udp://syslog.z.com:514

queue_drop_mark = 90

drop_log_rotate = 10

[vmsyslog]

rotate = 8

size = 1024

loghost = udp://syslog.z.com:514

[root@vmware6:/var/log] ping syslog.z.com

PING syslog (192.168.240.13): 56 data bytes

64 bytes from 192.168.240.13: icmp_seq=0 ttl=64 time=0.149 ms

64 bytes from 192.168.240.13: icmp_seq=1 ttl=64 time=0.294 ms

0 Kudos
1 Solution

Accepted Solutions
Marmotte94
Enthusiast
Enthusiast

Hi,

You must enabled firewall with this command line.

#  esxcli network firewall ruleset set --enabled true --ruleset-id=syslog

Please mask as resolve.

Thank you,

Please, visit my blog http://www.purplescreen.eu/

View solution in original post

0 Kudos
6 Replies
GayathriS
Expert
Expert

Are you following the steps provide din below doc to configure syslog on esxi 6.7 :

Configure Syslog on ESXi Hosts

Could you also help me understand if you are getting any errors while configuring syslog.

regards

Gayathri

0 Kudos
meadrocks
Contributor
Contributor

I don't see any errors.

[root@vmware6:~] esxcli system syslog config get

   Default Network Retry Timeout: 180

   Dropped Log File Rotation Size: 100

   Dropped Log File Rotations: 10

   Enforce SSLCertificates: true

   Local Log Output: /scratch/log

   Local Log Output Is Configured: true

   Local Log Output Is Persistent: true

   Local Logging Default Rotation Size: 1024

   Local Logging Default Rotations: 8

   Log To Unique Subdirectory: false

   Message Queue Drop Mark: 90

   Remote Host: udp://syslog.z.com:514

[root@vmware6:~] esxcli system syslog reload

[root@vmware6:~]

0 Kudos
Marmotte94
Enthusiast
Enthusiast

Hi,

Verify your Firewall from esxi to syslog.

#  esxcli network firewall ruleset list --ruleset-id=syslog

#  esxcli network firewall ruleset rule list --ruleset-id=syslog

# esxcli network firewall ruleset allowedip list --ruleset-id=syslog

Thank you,

Please, visit my blog http://www.purplescreen.eu/
0 Kudos
meadrocks
Contributor
Contributor

[root@vmware6:~]  esxcli network firewall ruleset list --ruleset-id=syslog

Name    Enabled

------  -------

syslog    false

[root@vmware6:~] esxcli network firewall ruleset rule list --ruleset-id=syslog

Ruleset  Direction  Protocol  Port Type  Port Begin  Port End

-------  ---------  --------  ---------  ----------  --------

syslog   Outbound   UDP       Dst               514       514

syslog   Outbound   TCP       Dst               514       514

syslog   Outbound   TCP       Dst              1514      1514

[root@vmware6:~] esxcli network firewall ruleset allowedip list --ruleset-id=syslog

Ruleset  Allowed IP Addresses

-------  --------------------

syslog   All

Do I need to open the firewall for syslog? How do I do that? I'm very new to vmware.

0 Kudos
meadrocks
Contributor
Contributor

I did the following, seems to have fixed it.

esxcli network firewall ruleset set --ruleset-id syslog --enabled true

esxcli network firewall ruleset allowedip list --ruleset-id syslog

0 Kudos
Marmotte94
Enthusiast
Enthusiast

Hi,

You must enabled firewall with this command line.

#  esxcli network firewall ruleset set --enabled true --ruleset-id=syslog

Please mask as resolve.

Thank you,

Please, visit my blog http://www.purplescreen.eu/
0 Kudos